Enterprise Risk Management (“ERM”) is a strategic business discipline that supports the achievement of an organization’s objectives by addressing the full spectrum of its risks and managing the combined impact of those risks as an interrelated risk portfolio.
ERM represents a significant evolution beyond previous approaches to risk management in that it:
- Encompasses all areas of organizational exposure to risk (financial, operational, reporting, compliance, governance, strategic, reputational, etc.);
- Prioritizes and manages those exposures as an interrelated risk portfolio rather than as individual “silos”;
- Evaluates the risk portfolio in the context of all significant internal and external environments, systems, circumstances, and stakeholders;
- Recognizes that individual risks across the organization are interrelated and can create a combined exposure that differs from the sum of the individual risks;
- Provides a structured process for the management of all risks, whether those risks are primarily quantitative or qualitative in nature;
- Views the effective management of risk as a competitive advantage; and
- Seeks to embed risk management as a component in all critical decisions throughout the organization.